Ex-NSA bigwig Chris Inglis appointed America's national cyber director by Senate Chris Inglis was last week appointed America’s national cyber director, responsible for coordinating the government’s computer security strategy and defending its networks. The former deputy director at the NSA, who spent nearly three decades at the agency, was approved by the Senate on Thursday. The United States has been …
"Around a third of those hit by ransomware reported C-level execs exiting after an attack..."
This is cast as a bad thing, which seems to reverse cause and effect. Instead of seeing this as a talent exodus caused by the attack, we could instead see it as accountability being enforced by the directors. An organisation that's in bad enough shape to suffer a successful ransomware attack certainly ought to be taking a hard look at whether its IT leaders have been doing their jobs. But if the organisation's confidence in its ability to recover is also so low that they chose to pay criminals instead, that pretty much guarantees heads need to roll. The disgusting thing is that this figure is only 1/3. What were the owners of the other 2/3 of those companies thinking as they sent their money to criminals? If they were thinking about how to retain their CEO and CIO, I suppose they're getting exactly what they deserve!
Unfortunately, I'd guess that the other 2/3 were just getting their Risk/Reward calculations wrong.
I've been in a lot of places where Those On High run their businesses with a lot of risk - for example, not spending money on proper security. The rewards of that approach can be high for them, providing they don't get hit during their incumbency. Sometimes I have actually wondered whether they actively take this approach, or just stick their fingers in their ears and hope.
Even more unfortunate is the fact that they will get to keep the rewards and it's the company who pays for the impact of the failure.
TalkTalk was the classic example. The downside of the TalkTalk hack was that it demonstrated that the C-Level crew can get away with even such an egregious failure, with a few lies about "our customers' security is our highest priority". The TalkTalk debacle doesn't seem to have done Dido Harding's career the damage it should have done.
(<Deity(s)> forbid she actually gets the job of heading the NHS. If that happens, I'm leaving the country.)
"Paying off ransomware extortionists is a fool’s errand, costing businesses not only cash but talent..."
"Around a third of those hit by ransomware reported C-level execs exiting after an attack..."
And here I thought "talent" was the people that actually do the work rather than the ones who just take the credit when it goes well. Silly me.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
